signed and encrypted packages
Volker Birk 7e1a2acbf0 beauty 2022-05-22 16:24:19 +02:00


Signed and encrypted packages for deployment

To create such a package, have a look at this script, which uses this Python program to encrypt.

See also the format specification.

How to use this

Signed packages can be used to transport critical data in a secure way, so they can be used to provision users.

Use case: provision for a user

This code fragment shows the idea of how to provision for a user. If the user was already provisioned, it does nothing. If an error occurs, it throws an exception with the error message.

#include <pEp/unpack.hh>

void provision(std::string url)
{
    pEp::UpdateClient::product p { "provisioning data", url };

    // Update key: public key that identifies the Update server
    UpdateClient::PublicKey update_key;

    // Deployment key: public key for verifying the package signature
    CryptoPP::ed25519PublicKey deployment_key;
    SignedPackage::LoadPublicKey("deployment_key-pub.der", deployment_key);

    // Provisioning key: private key that represents the user
    CryptoPP::RSA::PrivateKey provisioning_key;
    SignedPackage::LoadPrivateKey("provisioning_key.der", provisioning_key);

    SignedPackage::provision_user(p, update_key, deployment_key,

Keys and their meaning

Update key

The Update key is the public key that identifies the Update server. It guarantees that all downloaded data comes from an authorized source.

It is used for the encryption of the network traffic.

Deployment key

The Deployment key is the public key used to check that the downloaded Signed package was created by the authorized factory.

It is used for verification of the Distribution signature.

Provisioning key

The Provisioning key is the private key, which represents the user. The Signed package is encrypted using the Provisioning key, making it impossible for other users to uncover the Provisioning data.
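
The roles of the Deployment key and the Provisioning key described above, shown as an added Python example that is not the project's code: the package is verified first and decrypted only if the signature holds. The container layout (signature, RSA-OAEP-wrapped AES-GCM key, nonce, ciphertext), the function names and the use of the `cryptography` package are assumptions made here, not the project's format specification; the Update key is not modelled.

```python
# Added illustration: the container layout is an assumption, not the project's format.
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ed25519, padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
SIG_LEN, NONCE_LEN = 64, 12  # Ed25519 signature size, AES-GCM nonce size

def build_package(data, factory_signing_key, user_public_key):
    """Factory side: encrypt for one user, then sign the encrypted body."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(NONCE_LEN)
    wrapped = user_public_key.encrypt(session_key, OAEP)
    body = wrapped + nonce + AESGCM(session_key).encrypt(nonce, data, None)
    return factory_signing_key.sign(body) + body

def open_package(package, deployment_key, provisioning_key):
    """Client side: check the signature before touching the private key."""
    signature, body = package[:SIG_LEN], package[SIG_LEN:]
    deployment_key.verify(signature, body)  # raises InvalidSignature
    wrapped_len = provisioning_key.key_size // 8
    wrapped, rest = body[:wrapped_len], body[wrapped_len:]
    session_key = provisioning_key.decrypt(wrapped, OAEP)  # ValueError for another user's key
    nonce, ciphertext = rest[:NONCE_LEN], rest[NONCE_LEN:]
    return AESGCM(session_key).decrypt(nonce, ciphertext, None)

def demo():
    # All keys and data below are constructed for this example.
    factory = ed25519.Ed25519PrivateKey.generate()
    alice = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    bob = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    package = build_package(b"constructed provisioning data", factory, alice.public_key())
    results = {"alice": open_package(package, factory.public_key(), alice)}
    try:
        open_package(package, factory.public_key(), bob)
        results["bob"] = "decrypted"
    except ValueError:
        results["bob"] = "rejected"
    tampered = package[:-1] + bytes([package[-1] ^ 1])
    try:
        open_package(tampered, factory.public_key(), alice)
        results["tampered"] = "accepted"
    except InvalidSignature:
        results["tampered"] = "rejected"
    return results
```

`demo()` returns the plaintext for the intended user and `"rejected"` both for a second user's key and for a package with one flipped bit.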